
Web Application Security Engineer

Based in Salt Lake City, our team is building the industry-leading legal case management platform. And the good news? We have a lot of fun while we do it.

The successful candidate will demonstrate integrity, teamwork, quality and high performance in all areas of his/her work. The Web Application Security Engineer will be a highly skilled individual who is an expert in web application security technologies and in complying with HIPAA, SOC 2 Type I & II, and other compliance requirements. This individual will have strong technical skills to ensure Filevine’s information is secure at all times. Our ideal candidate will not only be a team player but will also have a strong engineering background and the ability to translate technical information into business terms.

Filevine is looking for a Web Application Security Engineer to join our Information Security team to ensure that our platform, applications, and cloud infrastructure are designed and secured at the highest levels, thus protecting and enhancing customer trust. If you are bright, hardworking, ambitious and enjoy taking ownership of security and compliance, we want to talk to you. This is an exciting opportunity to join a world-class team.

Key Responsibilities

  • Strategize and outline goals and objectives of the application security program.
  • Assist with application security efforts to meet HIPAA, SOC 2 Type I & II and other compliance requirements.
  • Work directly with development teams and DevOps teams to ensure secure coding best practices are fully integrated with the Software Development Lifecycle.
  • Gauge and prioritize risk on identified vulnerabilities.
  • Design and implement static application security testing (SAST) and dynamic application security testing (DAST) tools and methodologies into the SDLC.
  • Help train developers with secure coding techniques to mitigate the need for break-fix/out-of-band patching.
  • Perform on-going security testing and code review to improve software security.
  • Troubleshoot and debug issues that arise with SAST and DAST tools.
  • Provide engineering designs for new software solutions to help mitigate security vulnerabilities.
  • Maintain technical documentation on processes and policies.
  • Develop a familiarity with new tools and techniques in the industry.

Qualifications and Education Requirements (Required)

  • Bachelor's Degree or equivalent in Computer Science, Computer Engineering, Information Technology, or related field.
  • 2+ years of experience in application security or direct development experience related to a secure SDLC.
  • Proven work experience as an Application Security Engineer or Software Engineer with a passion for secure coding.
  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
  • Familiarity with the OWASP Top 10.
  • Experience with threat modeling methodologies.
  • Software development experience in two of the following core languages: Python, Java, PHP, JS, .Net.
  • Knowledge of web-related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web-related protocols.
  • Experience designing, testing, or auditing technical application security controls.
  • Working knowledge of and demonstrated experience with HIPAA Security Rules.
  • Demonstrated knowledge of project management methodologies (Agile, Waterfall).
  • Ability to work in a fast-paced environment.
  • Must exhibit excellence in partnering, teamwork, and quality performance.
  • Able to effectively give, receive, and respond to feedback.
  • Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management.
  • Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs.

Preferred Qualifications

  • GWAPT certification a plus.
  • Cloud Security certifications a plus.
  • OSCP Certification a plus.
  • Web application penetration testing experience a plus.
  • Mobile application experience a plus.

The job description is not designed to cover or contain a comprehensive listing of required duties or responsibilities. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.

Filevine is an Equal Opportunity Employer. Qualifications for employment, promotion and other terms and conditions of employment are based upon the ability to perform the job. Equal-employment opportunities are provided to all applicants and employees without regard to race, creed, religion, color, age, national origin, sex, disability, veteran status, or other legally protected class. Filevine is committed to providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to disability, or if you have concerns related to Filevine's equal employment opportunities, you may contact us at legal@filevine.com